Firefox for Enterprise Support Forum

Hello world,

This problem is sticking for a year now. We even switched to ESR thinking it will fixed the problem but to no avail. After a bunch of test, I've finally decided to post and ask for help. Tests have been done on macos 11.6 fresh vanilla install, no encryption (no filevault, I hate it), and Firefox 91.1.0esr (64 bits), but problem is the same since version 75 + (no problem seen on windows or linux) If I don't use Profiles Manager, at each launch of Firefox a new profile is created with no import from former profiles. If I do use Profiles Manager, I can keep on choosing my default profile, and no new ones are created, BUT new install is added to install.ini and profiles.ini. All tests have been done with the exact same firefox (i mean, application is the same and correctly installed in the /Applications of macos).

Here is the profiles.ini

[Install5A291CFD23D97DBF] Default=Profiles/ucaeqkrb.default-esr Locked=1

[Profile0] Name=default-esr IsRelative=1 Path=Profiles/ucaeqkrb.default-esr Default=1

[General] StartWithLastProfile=0 Version=1

[InstallF5B6C4E8673B7987] Default=Profiles/ucaeqkrb.default-esr Locked=1

[Install7F9608401B386673] Default=Profiles/ucaeqkrb.default-esr Locked=1

And the installs.ini

[5A291CFD23D97DBF] Default=Profiles/ucaeqkrb.default-esr Locked=1

[F5B6C4E8673B7987] Default=Profiles/ucaeqkrb.default-esr Locked=1

[7F9608401B386673] Default=Profiles/ucaeqkrb.default-esr Locked=1

As you can see each launch of Firefox created a new hash of installation (even if same it's always the same firefox version). As long as I choose my default profile in profiles manager, I can keep it. If I switch to default comportment, I will get a new profile at each launch (as it see en new install hash) and it will not import former profiles (even if it's from the same or an older version).

So I'm wandering, why Firefox keeps on adding a news install hash on each launch, and/or how can I prevent it from doing it.

We have around 1000 Firefox installations on our government organization, all installed via the Firefox MSI installer. Unfortunately, we came late to realize that the Firefox ESR would be a much more suitable product, compared to the normal Firefox branch.

Now, some years ago we would simply mass uninstall the normal Firefox and mass install the (latest) ESR version and all would be well. Problem is that we have to keep existing profiles (including passwords/bookmarks etc), something that is not supported in the latest Firefox builds.

Can anyone offer some advice/"hacks" to accomplish this? Note that whatever we'll do, we'll have to do it automatically, we lack the man-power to do this manually on a system by system basis...

Thanks in advance for any information provided.

How can I have the bookmarks display for user every time, after upgrade or downgrade? The users cannot do any intervention. Is there a way to copy and export bookmarks, make the Default-Release profile display on launch or startup?

Thanks Mike for the description here: https://support.mozilla.org/en-US/kb/firefox-enterprise-87-release-notes by Mike Kaply

Does the following section meant that policies.json would win a conflict with a setting that is also set in GPO: The policies.json file is no longer ignored if policies are specified via GPO (Windows) or configuration profiles (macOS). The policies are combined with GPO or configuration profile taking precedence over policies.json where there are conflicts.

My purpose is deploy specific Certification Authority, which is available in network share, to Firefox by Active Directory group policy (Windows 2012 R2) or alternately to set 'security. enterprise_roots' to 'enabled' so that Firefox can use Windows Certificate Store. Clients are using Firefox on Windows XP, 7, 10 and consequentially different Firefox version. Can I apply my task ? Suggestions ?

Hello all,

we need help for a GPO rule. Currently we have set Disable Update to enabled.

Otherwise every update is updated differently between ESR and customer version.

We only want the FireFox ESR version to be updated. Would this be possible? Can you help us? A manual would be best.

Many greetings Sathiyaparan

On our Window Server 2019 AD we had deployed a large number of Firefox (non-ESR) installations. To ease administration, we had also utilized the Mozilla provided admx templates to tune these installations. As an example, we had had a policy to enable and display the support menu (under "Help") to a support URL of our own organization.

Today, looking around on my own Firefox this support menu option was gone. Checking around other systems I see that they suffer from the same issue.

All of our Firefox-related GPOs utilise the computer portion of the GPO (specifically computer options -> Policies -> Administrative Templates -> Mozilla-Firefox) and not the user ones. Is that wrong?

Hello,

we have some trouble in our Enterprise Environment with tls 1.3 and 0rtt data. The integrated google search and other websites doesnt work as they should (Pages doesnt load and stay white).

So we want to turn of "security.tls.enable_0rtt_data" with Group Policy. But i cannot find a switch for this setting.

When i try to set security.tls.enable_0rtt_data with Preferences in GPO it doesnt work (old Preferences is empty) { "security.tls.enable_0rtt_data": { "Value": false, "Status": "locked" } }

With Preferences i am able to configure security.tls.hello_downgrade_check, but not security.tls.enable_0rtt_data

The only workaround would be to disable tls 1.3 completely and use tls 1.2. (security.tls.version.max = 3) Is there a solution for this?

Regards, Michael

Hello, I ve tried to block file:///c:/ in Firefox Quantum release 60.4.0esr(32-bit) by the above .json with no results. I ve also tried to block it in a newer release and it was fine (78.15.0esr (32-bit)). Is anything i can do to block it in this particular version i m using(60.4.0esr(32-bit))?

Thank you

{ "policies": { "WebsiteFilter": { "Block": ["file:///C:/*"] } } }

I originally had the latest release version of Firefox but started to experience issues with certain banking websites, and misc printing issues. So I decided to downgrade from the release version to the extended support release.

I uninstalled the release version, and went into the Appdata folder and deleted anything Firefox related. Then I installed the ESR version. It worked fine for the day, but a restart the next day, I discovered that my install changed from ESR to the release channel. I once again went through the install process mentioned above, and the next day, the same thing happened. Any idea on why this might be changing?

Note: I have tried both the MSI and .exe versions and experience the same issue. I am the only one that logs into this workstation. This workstation is actually a Azure Virtual Desktop with a variation of windows 10. (Screenshot attached with the OS).

Hi Looking to control the following tab options via Intune but i cannot seem to identify the OMI-url settings. Are these setting manageable via OMI-url?

Settings>Tabs>Open links in tabs instead of a new window Settings>Tabs>When you open a link or media in a new tab, switch to it immediately

Thanks in advance

Hi,

I want to deploy the Firefox .msi installer using Intune as Line of Business application.

I can deploy any other msi in this manner successfully, except Firefox. The application installs, but never reports back to Intune that it was a success, just pending, which makes my AutoPilot deployment fail.

Here are a couple forms from people having the same issue.

https://www.reddit.com/r/Intune/comments/mvp80t/firefox_msi_always_waiting_for_install_status/

https://www.reddit.com/r/Intune/comments/lych1h/deployed_msi_stuck_on_pending_install/

It seems that the only way people can fix it is by wrapping the .exe installer as win32 app in Intune. While that technically works, it removes abilities to control versions in a large company.

We really need the MSI to return success codes properly, or we have to stop using Firefox.

Anyone know of any workarounds? Is there something in the MSI I can tweak with Orca?

Thanks

Jeff

Hello, I have a series of laptops that I need to block access to all URLs and only allow access to one. These laptops are not joined to an AD domain so I downloaded the ADMX templates and copied them to c:\windows\policydefinitions. I ran gpedit.msc and added <all_urls> to the Blocked Websites policy and then added the specific URL to the Exceptions to Blocked Websites policy. However I am unable to access the allowed URL as Firefox is blocking it, despite having the URL defined in the exceptions policy.

I have added various other URLs to the exceptions policy like https://www.msn.com, https://www.yahoo.com, and https://www.mozilla.org, and all are blocked. I have tried different match patterns in the blocked policy and none blocked any URL, which I didn't expect them to anyway. I tried these patterns:

*://*.*.*
https://*.*.*
http://*.*.*
*

Also in my testing I added https://www.yahoo.com to the block policy, did not enable the exceptions policy and found Firefox did not block that site, which makes zero sense. Am I missing something? I was able to do something similar to this in Chrome with its ADMX templates copied locally to a non-domain joined PC, and it worked flawlessly.

We are deploying Firefox ESR using Ivanti and have reached a point were were need to start cleaning up rogue installs of Firefox that we are not managing. Has anyone deployed ESR over a local install of Firefox. Does the end user end up with two version of Firefox install or does the ESR version write over the previously installed version? Does the end user lose their bookmarks and history? I'm just curious as too what others have experienced so I can notify my first test group on what they can expect.

Hello,

How can i prevent users from enable menu bar in firefox with Mozilla .cfg file or GPO?

i hide successfully the menu bar with userChrome.css but users can enable it with righ click -> and check menu bar option.

I would also like to configure in the same way (GPO or .cfg) the option to "Always ask where to save the files"

Thank you,

Hello

I'm Bae, and i'm sorry for my poor English.

I want to make my users be able to use seamless single sign on to Microsoft Azure by setting Firefox config with Active Directory group policy.

First, I created the 'user.js' file and wrote 'user_pref("network.negotiate-auth.trusted-uris","https://autologon.microsoftazuread-sso.com");' and 'user_pref("network.negotiate-auth.delegation-uris","https://autologon.microsoftazuread-sso.com");' in it.

Second, I put this user.js file in the Firefox¥Profiles folder (such as xxx.default-release).

Third, I checked that the setting was changed on about:config.

Last, I also checked that I could use seamless single sign on to "www.office.com".

What I want to do is to distribute this user.js file to my domain users (exactly, to users' firefox profiles folder) by group policy. Please tell me how to do.

Or, if there is any way to set 'network.negotiate-auth.trusted-uris' and 'network.negotiate-auth.delegation-uris' without user.js file, such as Firefox group policy template, please tell me which one I should modify.

Thanks.

I downloaded the admx files for Mozilla Firefox and put them in with the other Windows provided Administrative Local Policy Templates, thinking that it SHOULD show up in the Group Policy Editor tool provided with Windows 10. Apparently I could not have been more wrong. Does anybody know how to make the template show up on a non-domain (Home PC running Windows 10 Pro) computer? Granted, I know I can't control it from "Active Directory" since there is none, but I still want to add this functionality to the PC.

What I have tried: I renamed C:\Windows\PolicyDefinitions to C:\Windows\PolicyDefinitions.old I then Reopened GPEditor and verified all templates had been cleared of viewing (Empty set). I then created a new folder called C:\Windows\PolicyDefinitions and copied the files into it. It refuses to read the Firefox, but everything else shows back up. I downloaded the files again, and reinstalled them, but it still does not show up. I then Rebooted the PC, but my attempts were futile. Any assistance would be appreciated.

I make the Mendeley Firefox plugin available to managed windows 10 workstations by downloading the plugin file to this location on a workstation:

C:\Program Files (x86)\Mendeley Desktop\Firefox Importer\mendeley_web_importer-3.2.65-fx.xpi

and then add a registry setting to the machine as follows:

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions] "@mendeleyimporter"="C:\\Program Files (x86)\\Mendeley Desktop\\Firefox Importer\\mendeley_web_importer-3.2.65-fx.xpi"

This method worked for previous versions of Firefox and Mendeley Importer, but for the latest versions of both the plugin no longer appears in Firefox.

No error messages are generated.

Is this method still supported by Firefox?

Thanks Mike

I just created a policies.json file in the appropriate distribution folder with ONE policiy, then restarted the browser, and now the browser shows: The browser is managed by your organisation. ("Der Browser wird durch Ihre Organisation verwaltet." in German.)

Now the question occured to me: Has this any effect on the changes I made before manually in the about:config section, or in the settings UI, other than the one change by the one policy I put in the policies.json?

Firefox 91.3.0esr (64-Bit)

i am switching preference / policy management from the mozilla.cfg file to the admin template/GPO. i need to know if the following are still supported in the current release of Firefox ESR.

lockPref("app.update.enabled", false); lockPref("browser.download.dir", "N:"); lockPref("browser.download.downloadDir", "N:"); lockPref("browser.shell.checkDefaultBrowser", false); lockPref("dom.disable_open_during_load", true); lockPref("privacy.item.history", false); lockPref("xpinstall.whitelist.required", true); lockPref("browser.newtabpage.activity-stream.feeds.section.highlights", false); lockPref("browser.newtabpage.activity-stream.feeds.section.topstories", false); lockPref("browser.urlbar.autocomplete.enabled", false); lockPref("network.automatic-ntlm-auth.allow-non-fqdn", true); lockPref("plugin.default_plugin_disabled", "PDF, FDF, XFDF, LSL, LSO, LSS, IQY, RQY, XLK, XLS, XLT, POT, PPS, PPT, DOS, DOT, WKS, BAT, PS, EPS, WCH, WCM, WB1, WB3, RTF, DOC, MDB, MDE, WBK, WB1, WCH, WCM, AD, ADP"); lockPref("privacy.sanitize.promptOnSanitize", false); lockPref("privacy.sanitize.timeSpan", 40); lockPref("security.enable_ssl2", false); lockPref("security.enable_ssl3", false); lockPref("startup.homepage_welcome_url", ""); lockPref("startup.homepage_welcome_url.additional", ""); lockPref("toolkit.crashreporter.enabled", false);

if they are no longer supported, i need to know when (which release) they became unsupported. if there is a link that details all afailable preference and their support status, please provide that as well.

Thanks in advance.